CVE-2019-3873

Published: 12 Jun 2019
Source: nvd
CVSS3: 6.4
CVSS3: 9
CVSS2: 6
EPSS: Low

Description

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

Vulnerable configurations

Configuration 1

All of the following

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*

and one of

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

EPSS

Percentile: 60%
Score: 0.00403
Low

CVSS3: 6.4 Medium
CVSS3: 9 Critical
CVSS2: 6 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.4
redhat
more than 6 years ago

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

CVSS3: 9
github
more than 3 years ago

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.

CVSS3: 9
fstec
more than 6 years ago

Vulnerability in the Picketlink component of the JBoss Enterprise Application Platform that allows an attacker to carry out cross-site scripting attacks
